Claims Listing 



1. (Previously Presented) A method implemented on a computing device having 
instructions stored on a computer-readable storage media and executable by a 
processor, to estimate security requirements needed to execute a managed code for a 
developer prior to an actual execution of the managed code, comprising: 

simulating the execution of all calls from an assembly to another assembly for all 
execution paths of one or more assemblies in the managed code, wherein the assembly 
comprises one or more files versioned and deployed as a unit, wherein the managed 
code is a managed shared library or an executable, wherein all managed code is 
contained within the one or more assemblies, wherein the execution of each assembly 
is statically simulated without actually running a corresponding managed code to 
simulate all possible calls and corresponding flow of argument data; 

finding a set of required permissions for each execution path by one or more 
simulated stack walks that each include a plurality of the assemblies, wherein each call 
in each execution path has a corresponding permissions set, wherein each assembly 
has one or more execution paths representing a different data and a control flow, and 
wherein the simulated stack walk comprises: 

entering an execution path corresponding to a static simulation of 
execution of the assembly; 

entering a public entry point of a method in the assembly; 

gathering a permission set for the method in the assembly; 

determining whether the method in the assembly calls another method in 
the assembly or in an another assembly; 

gathering a permission set for the another method called by the method in 
the assembly; and 

creating a union of the gathered permission sets; and 
deriving the security requirements for execution paths corresponding to the 
one or more assemblies by using the union of the gathered permission sets across the 
execution paths corresponding to the one or more assemblies, wherein the union 
estimates the security requirements that will be triggered against the one or more 
assemblies during the actual execution of the one or more assemblies and whether a 
security exception will be triggered during the actual execution. 

2. (Original) The method as defined in Claim 1, wherein the execution paths for 
only one said assembly in managed code are simulated to find the set of required 
permissions for each said execution path by a union of the permissions for each said 
execution path. 

3. (Original) The method as defined in Claim 1, wherein: 

the one or more assemblies in managed code correspond to an application; and 
the set of required permissions for each said execution path comprises a union of 
the permissions for each said execution path. 

4. (Original) The method as defined in Claim 1, wherein: 

the assemblies in managed code correspond to a shared library; and 
the set of required permissions for each said execution path comprises one 
separate permission set per entry point in the shared library. 

5. (Original) The method as defined in Claim 1, wherein the set of required 
permissions for each said execution path comprises a union of the permissions for each 
said execution path. 

6. (Currently Amended) The method as defined in Claim 1, wherein one or more 
of the calls in at least one said execution path is [[an]] a cross assembly call. 

7. (Original) The method as defined in Claim 1, wherein: 

the managed code is built to make use of a common language runtime; 
each said assembly is packaged as an executable entity or as a data link 
library entity and 

each said assembly includes one or more methods. 

8. (Original) The method as defined in Claim 7, wherein the simulation of the 
execution of each said execution path comprises a simulation of the flow of argument 
data using intra and extra method data flow analysis for each said method. 

9. (Original) The method as defined in Claim 1, wherein when the executable has 
permissions to execute that are not less than a union of permission sets for each said 
execution path, any dynamic execution of the executable will not trigger a security 
exception. 
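
The simulated stack walk of Claim 1, the per-entry-point result of Claim 4 and the sufficiency condition of Claim 9 can be modelled as a reachability walk over a call graph. The following Python example is an added illustration, not part of the claims or of any implementation by the applicant; the call graph, the assembly and method names, and the assumption that each method carries a known set of demanded permissions are all constructed.

```python
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

Method = Tuple[str, str]  # (assembly name, method name)

# Constructed sample call graph (hypothetical assemblies and methods):
# method -> (permissions the method itself demands, methods it calls).
GRAPH: Dict[Method, Tuple[Set[str], List[Method]]] = {
    ("App", "Main"): (set(), [("App", "Export"), ("LibIO", "OpenLog")]),
    ("App", "Export"): ({"UIPermission"},
                        [("LibIO", "SaveReport"), ("LibNet", "Upload")]),
    ("LibIO", "SaveReport"): ({"FileIOPermission"}, [("LibIO", "OpenLog")]),
    ("LibIO", "OpenLog"): ({"FileIOPermission"}, []),
    # Upload calls itself: the walk must terminate on recursion.
    ("LibNet", "Upload"): ({"WebPermission"},
                           [("LibNet", "Resolve"), ("LibNet", "Upload")]),
    ("LibNet", "Resolve"): ({"DnsPermission"}, []),
}
# Constructed set of public entry points.
PUBLIC: Set[Method] = {("App", "Main"), ("LibIO", "SaveReport"),
                       ("LibIO", "OpenLog"), ("LibNet", "Upload")}


def simulated_stack_walk(entry: Method) -> FrozenSet[str]:
    """Union of the permission sets of every method reachable from entry."""
    gathered: Set[str] = set()
    visited: Set[Method] = set()
    pending = [entry]
    while pending:
        method = pending.pop()
        if method in visited:   # already gathered: its set would be duplicative
            continue
        visited.add(method)
        demands, callees = GRAPH[method]
        gathered |= demands     # gather this method's permission set
        pending.extend(callees)  # follow intra- and cross-assembly calls
    return frozenset(gathered)


def per_entry_point(assembly: str) -> Dict[str, FrozenSet[str]]:
    """Shared-library case: one separate permission set per public entry point."""
    return {name: simulated_stack_walk((asm, name))
            for asm, name in sorted(PUBLIC) if asm == assembly}


def application_requirements(entries: Iterable[Method]) -> FrozenSet[str]:
    """Application case: union of the permission sets over all entry points."""
    required: FrozenSet[str] = frozenset()
    for entry in entries:
        required |= simulated_stack_walk(entry)
    return required


def missing_permissions(granted: Set[str],
                        required: FrozenSet[str]) -> FrozenSet[str]:
    """Permissions whose demand would fail at run time; empty when the grant
    is not less than the estimated union."""
    return frozenset(required - granted)
```

In this simplified model a non-empty result from `missing_permissions` corresponds to the predicted security exception; a real analysis would also have to track the flow of argument data, which the model omits.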

10. (Cancelled) 

11. (Previously Presented) A computer readable storage medium having a 
tangible component including machine readable instructions for implementing the 
method as defined in Claim 1. 

12. (Currently Amended) In a managed code environment, a method 
implemented on a computing device having instructions stored on a computer-readable 
storage media and executable by a processor, comprising: 

simulating calling from one assembly to another for which a permission set is 
required, wherein the simulation comprises one or more simulated stack walks that 
include two or more of the assemblies, each assembly being managed code in a library, 
wherein an execution of each assembly is statically simulated without actually running a 
corresponding managed code to simulate all possible calls and corresponding flow of 
argument data, and wherein the simulated stack walk comprises: 

entering a public entry point of a method in the assembly; 

gathering a permission set for the method in the assembly; 

determining whether the method in the assembly calls another method in 
the assembly or in an another assembly; 
for each called method: 

gathering a permission set for the another method called by the method in 
the assembly; and 

determining whether the another method calls a subsequent method in the 
assembly or in the another assembly; and 

creating a union of the gathered permission sets; 
repeating the calling for each assembly in the managed code and for all 
possible execution paths of the managed code; 

repeating the entering for each public entry point in the library; 
finding the union of the permission sets corresponding to each call; and 

deriving security requirements for execution paths corresponding to the 
assemblies by using the union of the gathered permission sets across the 
execution paths corresponding to the one or more assemblies, wherein the union 
estimates the security requirements that will be triggered against the assemblies 
during an actual execution of the assemblies and whether a security exception 
will be triggered during the actual execution. 

13. (Currently Amended) The method as defined in Claim 12, wherein the 
managed code environment comprises: 

a managed code portion including: 
the assemblies; and 
a virtual machine; 
a native code portion including: 

an execution engine for the virtual machine; and 
an operating system under the execution engine. 

14. (Previously Presented) The method as defined in Claim 12, wherein: 
the managed code is built to make use of a common language runtime; 
each said assembly is packaged as a data link library entity and 

each said assembly includes one or more methods. 

15. (Original) The method as defined in Claim 12, wherein when the assemblies 
corresponding to the application have permissions to execute that are not less than the 
union of permission sets for each said execution path, any dynamic execution of the 
assemblies corresponding to the application will not trigger a security exception. 

16. (Cancelled) 

17. (Original) The method as defined in Claim 12, wherein the managed code 
environment enforces partial trust security contexts. 

18. (Previously Presented) A computer readable storage medium having a 
tangible component including machine readable instructions for implementing the 
method as defined in claim 12. 

19. (Currently Amended) One or more computer storage media having a tangible 
component comprising instructions that, when executed by a processor, perform a 
simulation of an execution of every data and control flow for managed code from which 
an estimate is derived of the minimum security requirements needed to dynamically 
execute the managed code without triggering a security exception, the instructions 
comprising: 

simulating one or more stack walks for each data and a control flow for the 
managed code, wherein the managed code corresponds to one or more assemblies, 
wherein the one or more stack walks comprise two or more of the assemblies, wherein 
the managed code makes use of a common language runtime (CLR) that is loaded 
upon the first invocation of a routine, and wherein the simulated stack walk comprises: 
entering a public entry point of a method in an assembly; 
gathering a permission set for the method; 
determining whether the method calls another method; 
for each called method: 

gathering a permission set for the called method; and 

determining whether the called method calls a subsequent method; 

and 

creating a union of the gathered permission sets; and 
deriving the security requirements for execution paths corresponding to the one 
or more assemblies by using the union of the gathered permission sets, wherein the 
union estimates the security requirements that will be triggered against the one or more 
assemblies during an actual execution of the one or more assemblies. 



20. (Previously Presented) The one or more computer storage media as defined 
in Claim 19, wherein: 

the managed code, which comprises a plurality of assemblies, is built to make 
use of a common language runtime; 

each said assembly is packaged as an executable entity or as a data link 
library entity and 

each assembly includes one or more methods. 

21. (Previously Presented) The one or more computer storage media as defined 
in Claim 19, wherein the dynamic execution of the managed code occurs in a managed 
code environment comprising: 

a managed code portion including: 

the managed code has one or more assemblies and is a library or an 

executable; and 

a virtual machine; 
a native code portion including: 

an execution engine for the virtual machine; and 
an operating system under the execution engine. 

22. (Previously Presented) The one or more computer storage media as defined 
in Claim 21, wherein: 

the managed code is built to make use of a common language runtime; 
each assembly is packaged as an executable entity or as a data link library 
entity and 

each assembly includes one or more methods. 

23. (Cancelled) 

24. (Previously Presented) The one or more computer storage media as defined 
in Claim 21, wherein: 

each call in each simulated stack walk has a corresponding permissions set; 

and 

the derived estimate is a union of the permissions sets. 

25. (Previously Presented) The one or more computer storage media as defined 
in Claim 21, wherein the managed code environment enforces partial trust security 
contexts. 

26. (Currently Amended) An apparatus comprising: 
means for processing; 

means for storing information in memory coupled to the means for processing; 

virtual machine means, stored in the memory, in a managed code portion, for 
operating a plurality of assemblies in managed code, wherein the managed code is a 
managed shared library or an executable and is in the managed code portion; 

execution engine means, in a native code portion, for executing the virtual 
machine means; 

means, in the native code portion, for providing an operating system; 
means for making a call in the managed code portion for access by one 
assembly to another assembly for which a permissions set is required; 

means in the managed code portion for gathering the permissions set from 

each call; 

means in the managed code portion for deriving a union of the gathered 
permissions sets; 

means in the managed code portion for statically simulating the execution of 
all possible execution paths for the managed shared library or the executable without 
actually running a corresponding managed code, to derive therefrom the derived union 
of the gathered permissions sets wherein the means for simulating the execution 
performs, for each execution path, one or more simulated stack walks that each include 
a plurality of assemblies, and wherein the one or more simulated stack walks comprise: 

means for entering a public entry point of a method in the assembly; 

means for gathering a permission set for the method; 

means for determining whether the method calls another method; 

for each called method: 

means for gathering a permission set for the called method; 

means for determining whether the called method calls a subsequent method; 

[[and]] 

means for repeating the previous gathering and determining until any 
gathered permission set is duplicative; and 

means for creating a union of the gathered permission sets; and 
means for deriving security requirements for execution paths 
corresponding to the plurality of assemblies by using the union of the gathered 
permission sets across the execution paths corresponding to the plurality of 
assemblies, wherein the union estimates whether a security exception will be 
triggered during an actual execution of the assemblies. 

27. (Previously Presented) The apparatus as defined in Claim 26, further 
comprising: 

means for compiling the assemblies from an intermediate language code and 
metadata into native code; and 

means for loading the native code with a Common Language Runtime loader 
in the native code portion to load the compiled native code, wherein the execution 
engine means executes the compiled native code in the native code portion. 

28. (Original) The apparatus as defined in Claim 26, wherein the managed code 
portion further comprises one or more files associated with user code that, when 
compiled into an intermediate language code and metadata generated by a language 
compiler, are represented by the assemblies. 

29. (Original) The apparatus as defined in Claim 26, wherein the execution 
engine means in the native code portion further comprises a compiler to compile each 
said assembly into native code for execution by the native code portion. 

30. (Previously Presented) The apparatus as defined in Claim 26, wherein the 
execution engine means in the native code portion further comprises: 

a Just In Time compiler to compile each said assembly into native code; and 
a common language runtime loader to load the compiled native code for 
execution by the native code portion. 

31. (Original) The apparatus as defined in Claim 26, further comprising: 
means, in the native code portion, for forming a response to the call; and 
means for returning the response to the first assembly in the managed code 

portion. 

32. (Original) The apparatus as defined in Claim 26, wherein: 

the managed code is built to make use of a common language runtime; 
each said assembly is packaged as an executable entity or as a data link 
library entity; and 

each said assembly includes one or more methods. 

33. (Original) The apparatus as defined in Claim 32, wherein the simulation of the 
execution comprises, for each said execution path, a simulation of the flow of argument 
data using intra and extra data flow analysis for each said method. 

34. (Original) The apparatus as defined in Claim 26, wherein when the 
executable has permissions to execute that are not less than the union of the gathered 
permissions sets, any dynamic execution of the executable will not trigger a security 
exception. 

35. (Cancelled) 

36. (Previously Presented) The apparatus as defined in Claim 26, wherein each 
call in each simulated stack walk has a corresponding permissions set. 

37. (Original) The apparatus as defined in Claim 26, wherein the managed code 
portion and the native code portion are in a managed code environment that enforces 
partial trust security contexts. 

38. (Currently Amended) A computing device comprising: 
a processor; 

a memory coupled to the processor; 

a managed code portion stored in the memory including a plurality of assemblies 
each being managed code in a managed shared library or in an executable; 

a native code portion stored in the memory including: 
an execution engine; and 

an operating system under the execution engine; and 
a virtual machine interfaced between the managed code portion and the native 
code portion and executed by the execution engine; 

an application program in the managed code portion comprising logic 

configured to: 

statically simulate the execution of all possible calls from one assembly to 
another assembly for all possible execution paths of the managed code without actually 
running a corresponding managed code to simulate all possible calls and corresponding 
flow of argument data, wherein each assembly call has a corresponding permissions 
set, wherein the simulation of the execution comprises one or more simulated stack 
walks that each include a plurality of [[the]] assemblies, and wherein the one or more 
simulated stack walks comprise: 

a public entry point of a method in the assembly; 

a permission set for the method; 

a determination of whether the method calls another method; 
for each called method: 

a permission set for the called method; 

a determination of whether the called method calls a subsequent 
method; and 

a totality of permission sets such that any subsequent permission 
set is duplicative; and 

a union of the permission sets; 

derive a union of the permissions sets from each assembly call; and 
derive security requirements for execution paths corresponding to the plurality 
of assemblies by using the union of the permission sets across the execution paths 
corresponding to the plurality of assemblies, wherein the union estimates the security 
requirements that will be triggered against the one or more assemblies during an actual 
execution of the assemblies. 

39. (Original) The computing device as defined in Claim 38, wherein the 
managed code portion further comprises one or more files associated with user code 
that, when compiled into an intermediate language code and metadata generated by a 
language compiler, are represented by: 

the assemblies in the executables; or 
the managed shared library. 

40. (Previously Presented) The computing device as defined in Claim 38, 
wherein the execution engine further comprises: 

a compiler to compile each assembly into native code; and 

a common language runtime loader to load the compiled native code. 

41. (Previously Presented) The computing device as defined in Claim 38, 
wherein: 

the managed code is built to make use of a common language runtime; 
each assembly is packaged as an executable entity or as a data link library 
entity; and 

each assembly includes one or more methods. 

42. (Original) The computing device as defined in Claim 41, wherein the 
simulation of the execution comprises a simulation of the flow of argument data using 
intra and extra method data flow analysis for each said method. 

43. (Original) The computing device as defined in Claim 38, wherein when the 
executable has permissions to execute that are not less than the union of the 
permissions sets from each said assembly call, any dynamic execution of the 
executable will not trigger a security exception. 

44. (Cancelled) 

45. (Original) The computing device as defined in Claim 38, wherein the 
managed code portion and the native code portion are in a managed code environment 
that enforces partial trust security contexts. 

46. (Cancelled) 

47. (Cancelled) 

48. (Cancelled) 



49. (Cancelled) 



50. (Cancelled) 



51. (Previously Presented) The method of claim 12, wherein the union of the 
permission sets separately identifies a permission set for each public entry point of the 
library. 